Discover and read the best of Twitter Threads about #infosec

Most recents (24)

Attempt number 12, to try & suggest #SethRich leaked the DNC emails to Wikileaks & was killed by a Hillary Clinton hitsquad. This is in response 2 the actual bombshell reporting last wk that Russian Intelligence promoted this conspiracy idea #Qanon is mad.
This new #fakenews from alt-right is just a statement from a goofy private investigator Edward Butowsky submitted 2 the court. He was hired by Foxnews 2 try & find evidence that #SethRich leaked DNC emails to Wikileaks. Its his warped reality not, that of the FBI #infosec
And I suppose none of this should be surprising because back in 2016, days after #SethRich was murdered multiple propaganda shops went into overdrive. This tweet said a Hillary Clinton hitsquad killed the 1st Guccifer hacker. Marcel Lazăr is both still in jail and very much alive
Read 6 tweets
Many students asked my academic background by DMs and what is the best to do to work in #infosec. I will answer here:

1) I have a Master's Degree in Telecoms and Networks Engineering from @INP_ENSEEIHT.

2) There is not only one way to work in infosec, create your own!
In France the diploma is very important, this is stupid. Being a hacker is about the mindset, the curiosity, you as a person. Not a piece of paper.
Last but not least, I'm the last person you should ask advice. My life is crazy as hell for the last 2 years. I'm incredibly lucky. I planned nothing. I'm trying to bring my contribution to this world as I can. The only thing I can say is: Learn. Share. Help. Repeat.
Read 3 tweets
For those who want to learn about #infosec 🔐 here is a #thread that includes all my #infographics.
An easy way to learn new things 📖Feel free to share with your community🌐

Follow @Guillaume_Lpl for more things about #CyberSecurity #startup #ITsecurity #security #technologies
Some good tools useful in Infosec

Follow @Guillaume_Lpl for more things about #infosec #cybersecurity
Some good tools useful for OSINT

Follow @Guillaume_Lpl for more things about #infosec #cybersecurity
Read 20 tweets
Okay there's a serious flaw in the monetization calculations by Symantec. I really doubt these rogue IRA employees were making bank off of Shorte link shorteners. Most definitely did not make $1 million dollars from these #infosec #disinfo symantec.com/blogs/threat-i…
Stick with me as I walk through this. The IRA account @CathyTo47590555 first retweeted a Sh(.)st (Shorte) link on 10/27/15, this accnt had 8685 followers, twice the Symantec example. But most of the Shorte activity started in 05/2016
The example Symantec used had 4,123 followers and sent out 16,914 tweets that generated about 8362 retweets. So not particularly huge engagement and roughly every 2 tweets generated one retweet. #infosec #disinfo symantec.com/blogs/threat-i…
Read 10 tweets
Thread updated of my infograhics : To make things more convenient and to help beginners in #infosec , I decided to regroup my #infographics with this tweet ! #Cybersecurity #Startups #IoT #ITsecurity #Security #tools
Some good tools useful in Infosec : by @Guillaume_Lpl #infosec #cybersecurity #Infographic
Some good tools for Mobile APP Security Testing : by @Guillaume_Lpl #infosec #cybersecurity #Infographic
Read 13 tweets
A must read blog serious by @3r1nG on some of the techniques & trolling tactics that domestic social media trolls like the ones that come from the 4chan message boards used 2 run & manage multiple accounts. #infosec #disinfo #fakenews medium.com/@erin_gallaghe…
Sorry just noticed my typo. That should read “series”
Of note from @3r1nG article is the reference about creating "white noise" or general topic tweets to dilute out the political tweets. This was an area of contention around the Voty botnet that pushed politically charged content around the Al Franken sexual misconduct allegations
Read 3 tweets
1/ Thread: Few days ago, I had a nice discussion with a French #infosec professional. He told me: “Maybe you don’t know it but some French infosec pros don’t like what you are doing”

A clarification is needed.
2/ I’m very surprise by the amount of negative feedback I received from the French infosec community. I don’t know why but I don’t receive the same feedback from the others infosec community 🤷‍♂️
3/ Dear infosec pros, I don’t care if you don’t like my account because this account is not made for you. It is here to make things change, to solve issues, force companies to fix their sh*t, to have an impact on millions of people.
Read 9 tweets
As #espionage & #Eurovision coincide, here's #Albania the 1st finalist in this #history thread.
(Also for my #Australia readers seeking relief from #ausvotes as you start your Saturday, it's impressive you convinced them your continent counts 😎)
Next: #Азербайджан #Евровизија
For #Eurovision #Азербайджан and #Spying studies, here's an article from @warisboring about Azeri #aviation being well-placed to use my #Soviet favourite (Foxbat) to work #intelligence against my #USAF (Blackbird).
Zoom zoom 😎💕

nationalinterest.org/blog/buzz/spyp…
Next up for #Eurovision finalists with an #espionage twist is #Denmark, whose #Spying #Police (PET) scored a serious scoop in turning Colonel Oleg Gordievsky, the #Russian rezident (lead KGB controller), which later inspired actual #JamesBond plot points:
news.bbc.co.uk/2/hi/uk_news/m…
Read 12 tweets
Dear Twitter: Please help me reach my goal of 1M Retweets to extend hope, encouragement, motivation, confidence, and inspiration to all who struggle with a mental disorder, all underprivileged youth across America, and all adults 1/ #confidence
who consider themselves counted out by society and believe they can never accomplish anything worthwhile. This story is for you! 👉I was ushered from under center, out of my starting QB position, out of my junior yr. in high school and thrown into a prison cell. #inspiration /2
While my classmates walked the stage I was walking the prison yard shocked from hearing the news of my mother's untimely death. Suffering from Bipolar, I couldn't understand it all and no longer wanted to live. My suicidal tendencies evolved and I resolved to a life of /3
Read 10 tweets
[Big Announcement - Hack 0x04 Dance]

TL;DR I'm bringing back educational hacking streams, this week is a charity week benefiting my sister in law's non-profit which seeks to teach ballet to at-risk inner city girls, and I'm doing another 24 hour stream this Friday at 4PM CST.
Hey all! Last month I did a 24 hour charity live stream benefiting the @thirstproject clean water initiative. We raised over $1,100 in 24 hours for clean water in Africa and it... was... AMAZING.

This month, though, it's a bit more personal.
My sister in law has been teaching ballet to inner city, at-risk young girls for over a year. They are fantastic little dancers, but are performing in ripped tights and worn shoes, with no replacements handy. They're practicing out of churches that give them the free space,
Read 6 tweets
The @BBFC #AgeVerification "Certificate Standard" has been published.

This is the document which is being proffered to protect the facts & details of _YOUR_ online #Porn viewing. Let's read it together!

What could possibly go wrong?

ageverificationregulator.com/assets/bbfc-ag…
@BBFC Well, that was fast:

"this is the foundation of the non-statutory, voluntary age-verification certification scheme (the Scheme)"

"Only age-verification providers that meet the requirements of the Standard…will receive certification"

What happens to the ones that don't?
@BBFC [ Incidentally, I am going through this in real time with a mug of coffee, so there may be some jumping back and forth. Don't expect perfection. ]
Read 104 tweets
The #Notredamefire shocked the world and is a devastating loss for France. Sadly no tragedy can go unscathed from #disinfo anymore. Let's take a look at some of the bigger ones. France24.com has already compiled a pretty good list here: observers.france24.com/en/20190416-de…
While not outright #disinfo, #followthewhiteRabbit Richard Spencer, a leader in the White Nationalist movement was quick to capitalize on the #Notredamefire with this tweet.
And of course #Qanon conspiracies were all over the map. Everything from muslims to immigration to a #falseflag conspiracy to distract us from the impending arrests of Hillary Clinton, a host of "impending" imaginary #pedogate arrests and of course #fisagate
Read 14 tweets
Earlier this year I transitioned from product into security. This is my #infosec story.

It all started about two years ago with the WannaCry incident (en.m.wikipedia.org/wiki/WannaCry_…). Some rando had stopped malware from spreading by buying up a domain name, and this legit blew my mind.
I thought you had to have serious 1337 chops to stop worldwide cyberattacks?? Apparently I’ve had it in me all this time?

Well that 'rando' happened to be on Twitter, and not only did he possess actual 1337 chops, but a wicked sense of humour to boot.
I’m talking about the fabulous @MalwareTechBlog of course. Shortly after that I found @malwareunicorn, who is living proof that 1337 chops and fashion can go hand in hand (come to think of it, why the heck not). Then @SwiftOnSecurity, and down the security rabbit hole I went...
Read 11 tweets
Hi #infosec Twitter, should I be worried about this unsecured iPad being used to process credit card swipes?
Joke's on me the POS wasn't wired to the other end to print order tickets and they didn't start working on my order until my flight was almost done boarding and I complained :(

Got a refund.
Read 3 tweets
I recently acquired another copy of the Hagakure whilst at Half Price Books. This was an illustrated copy.

(Yes, I am tsundoku).

Tsunemoto's meditations on dying have germane parallels in #infosec.

A thread.
One of the morning meditations for a Samurai is to meditate on the various ways they could die. This sounds very morbid. But there was a practical application to it.
Some military training involves subjecting the trainee to a horrible situation (like drowning) in a controlled setting so when it happens in the real world, they don't panic when it happens.
Read 17 tweets
More of the Steele #Dossier appeared to be confirmed by a new report yesterday. "Russian IRA trolls pumped out malware along with pro-Trump messages" They used link shorteners that appear 2b specific 2 a Webzilla client based in Poland #FISA #SteeleDossier
While doing research on the new Mcclatchy report we saw alot of "eggplant" accounts pushing out propaganda that Steele Dossier was fake or Russian disinformation. More "eggplant" accnts (new accounts with no profile pic) on message than we've seen in a long time #disinfo #infosec
In fact there were a number of stories yesterday from conservative & alt-right websites like RedState, TruePundit, and Daily Caller pushing the theme that Steele Dossier was fake. A tweet from Sen. Rand Paul was also a popular retweet #FISA #SteeleDossier #FusionGPS
Read 7 tweets
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know!
Fun fact aside: even if I wanted, I can not "see how it works" as that link is locked and not clickable.

Also, there is no alternative to verify. This is practically a "give #Facebook the secret password to your personal email account, or bust" kinda thing.
Just in case anyone needs it, the link I was pushed to is
facebook.com/confirmemail.p…
Read 7 tweets
We did an interesting analysis a few days ago where we compared the Twitter wordclouds between our #Hamilton68 subset of trolls focused on US politics to that of the group of mostly American activists called #the200". They were featured here in politico politico.com/story/2019/02/…
First the domestic subset of our Russian influencer #Hamilton68 accts. Jussie Smollett featured more prominently which makes sense as provoking racial division has been a successful core strategy since 2016. #walkaway & #creepypornlawyer were also more prominent --#disinfo #osint
Over the same period of time a wordcloud was generated 4 #the200 group of accnts. Actually now roughly 180 due 2 Twitter suspensions. With the exception of the hashtags in red like #buildthewall & #aag which is the call sign 4 one of the accnts, there was overlap with #hamilton68
Read 8 tweets
So finally got to the newest #Hamilton68 wordclouds. A few interesting things to note. First up the subset of #hamilton68 twitter troll accounts focused on US politics. This is 62k tweets from between Feb 27th through Mar 2nd. #infosec #disinfo #osint #psyops
These #Hamilton68 accounts were promoting #cpac2019, not surprisingly the controversy surrounding #IlhanOmar and a couple interesting smaller new hashtags #the200 and #themighty200 that I will discuss later in the thread. Also of note is the minimal attention to Tulsi Gabbard.
Looking at the #Hamilton68 subset of accounts focused on Russian geopolitics the conflict in Venezuela (#HandsOffVenezuela) was featured and new was the conflict between India and Pakistan. The #integrityinitiative continued to be a focus and again Tulsi was not that prominent
Read 16 tweets
Oh come on spammers... embedding text within a photo to defeat language processing?

Urgh... tips anyone? #infosec #nowwhat
Dissecting this one:

Standard HTML opening:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head>
<body>
Line 5: random commenting
<!-- cubzc --> <img width="651" height="692" src="cid:fk_522.png"> <!-- ijtgyaksrah -->

- Need to look at this src="CID bit
Read 36 tweets
A few wks ago new words in the wordclouds of our domestic subset of #Hamilton68 Russian sympathizer accnts appeared on the topic of abortion. President Trump has been bleeding support among evangelicals & campaigns #walkaway & #buildthewall have proved ineffective #infosec #osint
It makes sense the #GOP would go back 2 their time tested political issue of abortion. And in this case push the most emotionally charged fringe like late-term abortions. The #Hamilton68 subset focused on Russian geopolitics showed a steady uptick around the topic #infosec #osint
We also looked at another #Hamilton68 subset that focuses on US Politics and contains a high level foreign sourced accounts & saw the same thing. This subset showed a dramatic increase in terms like abortion and late-term abortion. Something we've not seen before #infosec #osint
Read 8 tweets
EMOTET ANALYSTS: Everyday, our team sees 5-15 clients networks wrecked by Emotet. Cleanup/response can take 3d - 3mo depending on IT department skills, tools, and telemetry. We’re creating a “synchronized” removal capability and could use additional perspective. 1/x
We know the core of lateral movement for Emotet, TrickBot, Qakbot, etc. is abusing of elevated creds/tokens, standard local admin passwords, and MS17-010 for poorly maintained networks. With these, payloads are dropped to remote shares via SMB & started via remote services. 2/x
For starts, we could use some perspective to make sure there’s not more we’re missing in regards to lateral movement.

We are aware of email spreading and browser password scraping plugins. However, we like to scope this to stopping local self-propagation of the bot first. 3/x
Read 13 tweets
This #smollett story is a runaway train and a complete mess. Actual CPD detectives saying rumors circulating are not true. Safe to say at this point anything could be true and anything could be false. #disinfo #fakenews
When you have these as your major #Twitter nodes & 9% bot participation 4 the #Smollett story I think you can safely say its best to turn off #foxnews & #cnn, let the dust settle and come back in a few days to let "sourced" reporting bubble to the top. #infosec #disinfo #fakenews
OMG ... I mean why not double down on the crazy and say one of the 2020 presidential candidates also helped plan a hoax which may in fact itself be a hoax on #smollett. Who knows? #walkaway from unsourced news reporting #disinfo and #fakenews #infosec #psyops
Read 3 tweets
Last wk we noticed that an entire subset of our #Hamilton68 accounts had been suspended in mass. We have seen suspended accounts from time to time but not a whole set. To be clear these were bot accnts so it made sense they would all get suspended at once. #infosec #osint
We determined from our archive that they were mostly suspended around January 26th and this was the last tweet in our archive. #infosec #hamilton68 #osint
Some searching on Twitter & we found that our fellow bothunters @conspirator0 & @ZellaQuixote had already put out this excellent thread on Jan 24th outing most of the accounts in this small botnet. I apologize 4 missing it at the time #infosec #hamilton68
Read 13 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!